hi all,

I have three OSCommerce sites running on a reseller UNIX account.

I discovered that there were strange PHP files on all three installations. I have deleted the files, and kept one locally to poke around in.

This seems to be quite common and is caused by having 777 permissions on the folders that need to have images etc uploaded to them. I have changed them to 755 for the time being, but now OSCommerce can't write to these folders, so customers can't add product photos.

This page says the following:

Set the permissions on ALL folders to 755. If your host has PHP installed as CGI through suExec (the proper method), then your site will run fine this way. If they have PHP installed as a module, you will get a warning from oscommerce saying that it is unable to write to the images folder. Setting permissions back to 777 will make the message go away but it will leave you open to an attack.
Does this make sense? Is reseller hosting with this configuration generally available?

My host has told me that customers should use cpanel or FTP to upload product images, which I've told them is not an option. Waiting for their reply.

thanks in advance,

Eoin